Symantec Endpoint Encryption 7.0 Installation Details, Database and Management Server Sizing Recommendations

book

Article ID: 178072

calendar_today

Updated On:

Products

Endpoint Encryption

Issue/Introduction

You would like information about Symantec Endpoint Encryption database, installation, and hardware sizing requirements.

Resolution


SEE Installation Specifications
Symantec Endpoint Encryption on a client requires 2-3 installation packages depending on the configuration: Framework, Full Disk and Removable Storage. The Framework is always required. Full Disk (SEE-FD) and Removable Storage (SEE-RS) are available options.

The installation package sizes are as follows:
Framework 8MB
SEE-FD 14 MB
SEE-RS 20 MB

The SEE agent footprint once deployed can range between approximately 54-84MB, again depending on if SEE-FD, SEE-RS or both were installed.
Framework 40MB
SEE-FD 30MB
SEE-RS 14MB

With SEE-FD encrypted volumes are created on the disk in addition to the software install sizes. The volume size is approximately 30M. If Pre Boot Authentication is enabled within SEE-FD, the bootloader disk space footprint is approximately 30MB.

The following processes/services (and their memory footprint) will be present on the deployed client.
EAFRCliStart.exe 2076k
EAFRCCliManager.exe 2620k
EACommunication 5500k
*RemovableStorageMgmtService 1156k
*RemovableStorageService 1076k
*RSGUIProvider 844k
*(SEE-RS specific services)

In terms of performance, the Rated I/O impact has been observed to be 5-10% during initial encryption and 5% (or less) after encryption when the encryption driver performs on the fly encrypt/decrypt operations.

Symantec Endpoint Encryption has relatively modest bandwidth requirements. Policy updates are typically around 50k. Updates are only conducted to change client configurations. The Client check in interval is configurable; the default is 60 minutes.

Database Sizing
There are two ways to implement the database in SEE: on the server itself (via SQL Express w/Advanced Services) and “off box” using a database server. One Symantec Endpoint Encryption management server can support 100,000 clients, but this is also dependant on the database being used. If you are using SQL Express (w/Advanced Services) running on the server itself, that number goes down to about 10,000.

Database sizing depends on a number of factors: configuration of the database, number of installed clients, number of computer objects in the AD forest, the number of registered users, etc. With the way the schema is created, the data file has an initial size of 800MB and can grow up to 10 GB in increments of 25MB. The log file is created with an initial size of 80MB and can grow up to 2 GB in increments of 20MB.

Data File
Initial size
800 MB
Maximum size
10240 MB (10 GB)
Growth increment
25 MB

t-log File
Initial size
80 MB
Maximum size
2048 MB (2 GB)
Growth increment
20 MB

In general, internal testing has shown that for 30-40K simulated endpoints the database uses about 1-2GB of space (when both SEE-FD and SEE-RS are deployed).

Hardware Sizing
The following are examples of suggested configurations:

SMALL DEPLOYMENTS (1-10K ENDPOINTS):
SEE Management server:
Dual Core CPU
2GB RAM
10GB disk space

DB server (if SQL Express is not used):
Dual Core CPU
2 GB RAM
10 GB disk space

MEDIUM SIZED DEPLOYMENTS (10K-50K ENDPOINTS):
SEE Management server:
Dual Core CPU
4GB RAM
10GB disk space

1 DB server:
Dual Core CPU
4 GB RAM
20 GB disk space; SATA drive for optimum performance




Attachments